Clarification for Ajax usage



Mr.Guvernment
11-07-2008, 08:44 AM
I have been reading a lot about Ajax and I for the most part understand what it is and what it does.

What I am not sure of is this.

Currently our company has a PHP/MySQL system for customer service to pull data on players and various other info we may need from raw data we get from our servers.

The system is dated and slow, long page loads, loading similar data, this is why I think Ajax could be an option to try.

Now, since the back end is essentially built, is it possible to use what I already have in PHP and easily convert it to use an Ajax-based system?

Would I have to use Java or XML to really get the feature set of an Ajax-based system?

What are the requirements to use Ajax? (Java / XML / XHTML?)

Mr.Guvernment
11-07-2008, 09:03 AM
I have come across Sajax and Tigermouse... they "sound" like something I could try to use.

Derk
11-09-2008, 08:47 AM
By Java, do you mean Java or Javascript?

In AJAX the user loads the page once and then it's updated via Javascript. The Javascript makes an HTTP request to the backend (PHP/ASP etc.) and the backend sends back an XML document, which is then handled by Javascript.

Currently your PHP outputs an HTML document, with all the formatting in it. You want it to output an XML document, without formatting.

So, small example:

HTML:

<html>
<head><title>Hi!</title></head>
<body>
The text the user wants to read with all the formatting.
</body>
</html>

XML:

<?xml version="1.0" encoding="UTF-8"?>
<text>
The text the user wants to read.
</text>

The javascript then puts the text in the correct element.

In the old situation it goes a little something like this:
Load page -> Load page -> Load page
Every time, all the images and layout are loaded.

In the new situation
Load page -> Update content -> Update content
The first time you load all your images and your layout, then only the content is updated.

I hope this clarifies a bit, I'm not that good at explaining. :S

Using AJAX "engines" is useless btw, you're better off writing it yourself, it's not that much.
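
Added example, not part of the thread: a sketch of the server side of the exchange described in the post above, where PHP returns an XML document instead of a formatted HTML page. The field names (name, server, note) and the sample row are constructed; building the document with DOMDocument means characters such as < and & in player data are escaped rather than breaking the XML the Javascript has to parse.

```php
<?php
// Added example. The field names (name, server, note) are hypothetical.
function player_to_xml(array $row) {
    $doc = new DOMDocument('1.0', 'UTF-8');
    $player = $doc->appendChild($doc->createElement('player'));
    foreach ($row as $field => $value) {
        $el = $player->appendChild($doc->createElement($field));
        // createTextNode escapes <, > and & so data cannot break the document
        $el->appendChild($doc->createTextNode((string)$value));
    }
    return $doc->saveXML();
}

// Constructed sample row, standing in for a result of the existing MySQL query.
$row = array('name' => 'Tom & <Jerry>', 'server' => 'eu-1', 'note' => 'refund pending');

// Send the XML content type only when running under a web server.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/xml; charset=UTF-8');
}
echo player_to_xml($row);
```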

rogard
11-09-2008, 09:39 AM
First :welcome:

and a great first post.


Just the sort of posts we want here :up:

Derk
11-09-2008, 11:36 AM
> First :welcome:
>
> and a great first post.
>
> Just the sort of posts we want here :up:

Thank you. This is like my only area of expertise. (But you have to consider AJAX is more of a way of life, not an expertise) :rofl:

Ontopic: Mr.Guvernment, I can recommend AJAX for dummies, it has a lot of samples (including how to integrate it with PHP and simple MySQL) and you can learn a lot from just reading them.

I'm not actually using AJAX anymore, I moved on to COMET. :rolleyes: (Same idea as AJAX except for the fact that you keep the connection open so the server can send data back when the server wants to instead of opening a connection every time the client needs something)

Mr.Guvernment
11-12-2008, 09:08 AM
Ya, great info!

I did mean Javascript (I didn't know they were 2 different things until I started reading a lot).

Sounds like exactly what I want: instead of the same content sent over and refreshed over and over, only update the content that is needed to be updated!

Great explanation of it...

I have been reading plenty, mainly trying to get a grasp of Javascript right now.

From reading, I can use PHP and MySQL as part of the Ajax system.

I am trying to get our old site also moved off an older system (Apache and PHP 4) to a newer IIS 7 and PHP 5, but of course the PHP pages don't work, with errors like mad moving it over to IIS 7 (yes, they should work just fine, but that says more about the past coding, it isn't cross compatible between HTTP servers!), even after editing and trying to fix (enabling things like global variables 'cause the last guy did all his work with those on!)

So I am now thinking I will start to redo the code as I go along to get it moved to this new system.

Is there a site, or can someone summarize for me some best practices for using PHP and MySQL with Ajax, more so in terms of security, what I could do, shouldn't do? I have ordered some books already as well for more studying.

Right now employees log into a front end, no SSL and a simple PHP login script that connects to MySQL to check if the info is right. I don't believe there is any encryption at all either...

I was considering adding SSL to the system, but also wanted to make sure the login script was as secure as possible.

this is what is used right now



<?php
//Authorization for access for the script, the system uses the globals for windows and accesses the ************************ Database

$messcount=0;
// authorization script
$auth = 0;
if (!($dblink=mysql_connect("***************", "***********", "******************")))
{
    header("Location:/cantconnect.php");
    exit;
}
mysql_select_db("technotes",$dblink);
$dbpassword=mysql_query("select password,access,username from ************** where username='$PHP_AUTH_USER' ",$dblink);
$password=mysql_fetch_row($dbpassword);
if ($PHP_AUTH_PW == "$password[0]" )
{
    $auth = $password[1];
    //adds a line to the ************ logs
    mysql_query("insert into ************************** (tstamp, loginid, password, success, page, IPaddr) values (Now(),'$PHP_AUTH_USER','$PHP_AUTH_PW', 1, 'main:$REQUEST_URI','$REMOTE_ADDR')",$dblink);
    //print("insert into *************** (tstamp, loginid, password, success, page, IPaddr) values (Now(),'$PHP_AUTH_USER','$PHP_AUTH_PW', 1, 'main:$REQUEST_URI','$REMOTE_ADDR')");
    $dbmesscount=mysql_query("select count(message.recid) from *************** inner join passwords on (*****************.touser=passwords.usernum) where *****************.username='$PHP_AUTH_USER'",$dblink);
    //$messcount=mysql_fetch_row($dbmesscount);
}
else
{
    mysql_query("insert into ******************* (tstamp, loginid, password, success, page, IPaddr) values (Now(),'$PHP_AUTH_USER','$PHP_AUTH_PW', 1, 'main:$REQUEST_URI','$REMOTE_ADDR')",$dblink);
}
if ( $auth == 0 or $PHP_AUTH_PW==" ")
{
    //Access failure
    header( "WWW-Authenticate: Basic realm=\"Authorization Required!\"" );
    header( "HTTP/1.0 401 Unauthorized" );
    echo 'Authorization Required!';
    exit;
}
$use=$PHP_AUTH_USER;

Derk
11-12-2008, 10:15 AM
Your troubles are caused by the fact that if you use PHP as an Apache module you have different globals than when using it together with IIS with PHP as a different program.

What you should always do is make sure that if an option (like a button missing for normal users that is available for mods etc.) is disabled in the client page, a user shouldn't be capable of calling it by just typing a javascript function (javascript:ajaxfunction()) in the address bar. You should disable things both at the client side and at the server side, so check if the user is allowed to do something. There is not a specific list of problems for AJAX security, they are very similar to those you have with basic systems.

I don't know if that script you are using is secure, no ADDSLASHES ADDSLASHES ADDSLASHES. I'm not sure if MySQL injection is actually possible via an HTTP AUTH, you should try typing some ''s and "'s in the authentication field and see if you get a MySQL error, if you do, ADDSLASHES.

And for your login page SSL is ALWAYS a must, even for non-mission critical systems.
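
Added example, not part of the thread and not the poster's code: one way to write the login check above so that quotes in the credentials cannot alter the query, with the server-side permission check the post asks for. It swaps in PDO prepared statements and password_hash/password_verify (PHP 5.5 or later) in place of the escaping mentioned above, reads the credentials from $_SERVER rather than register_globals variables, and does not log the password. The table names staff and login_log, the sample account and the in-memory SQLite database standing in for MySQL are all assumptions.

```php
<?php
// Added example. Table and column names (staff, login_log) are hypothetical;
// an in-memory SQLite database stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE staff (username TEXT PRIMARY KEY, pwhash TEXT, access INTEGER)');
$db->exec('CREATE TABLE login_log (tstamp TEXT, loginid TEXT, success INTEGER, page TEXT, ipaddr TEXT)');
// Constructed sample account: only a hash of the password is stored.
$db->prepare('INSERT INTO staff VALUES (?, ?, ?)')
   ->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT), 2));

// Returns the access level (0 = denied) and logs the attempt without the password.
function check_login(PDO $db, $user, $pass, $page, $ip) {
    $q = $db->prepare('SELECT pwhash, access FROM staff WHERE username = ?');
    $q->execute(array($user));  // value is bound, never spliced into the SQL text
    $row = $q->fetch(PDO::FETCH_ASSOC);
    $ok = $row !== false && password_verify($pass, $row['pwhash']);
    $db->prepare("INSERT INTO login_log VALUES (datetime('now'), ?, ?, ?, ?)")
       ->execute(array($user, $ok ? 1 : 0, $page, $ip));
    return $ok ? (int)$row['access'] : 0;
}

// Server-side gate: call at the top of every page and every Ajax endpoint.
function require_access(PDO $db, $minLevel) {
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
    $page = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $ip   = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $level = check_login($db, $user, $pass, $page, $ip);
    if ($level === 0) {
        header('WWW-Authenticate: Basic realm="Authorization Required!"');
        header('HTTP/1.0 401 Unauthorized');
        exit('Authorization Required!');
    }
    if ($level < $minLevel) {
        header('HTTP/1.0 403 Forbidden');
        exit('Forbidden');
    }
    return $level;
}

// Constructed checks, run from the command line: valid login, quote in name, wrong password.
var_dump(check_login($db, 'alice', 'correct horse', '/main', '127.0.0.1'));
var_dump(check_login($db, "o'neil", 'anything', '/main', '127.0.0.1'));
var_dump(check_login($db, 'alice', 'wrong', '/main', '127.0.0.1'));
```

An Ajax endpoint that only moderators may call would start with require_access($db, 2), so hiding the button in the page is never the only control.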

Mr.Guvernment
11-12-2008, 06:46 PM
Sounds good, Derk.

I just got the new server set up with an SSL certificate so it will be https:// once I get things moved over, now just having some errors getting the old site over to the new system, going from Apache and PHP to IIS and PHP.